Current weather

published Sunday, October 23, 2011

There’s an expression in Washington about politicians and agencies that find themselves in hot water: It’s not the crime, it’s the cover-up.

In the case of the Social Security Administration’s massive breach of confidentiality, it wasn’t a crime, but incompetence, and not so much a cover-up as total inaction by the agency.

SSA failed to inform tens of thousands of Americans that over the past 20 years their names, addresses, birth dates and Social Security numbers had inadvertently been released to a publicly available database widely used by business.

The agency’s failure to inform the at-risk parties ignored government guidelines and recommendations for dealing with security breaches and violates the intent, if not the letter, of the U.S. Privacy Act.

The database is called the Death Master File and contains the records of 90 million dead Americans; it was begun in large part at the urging of business. Administered properly, the death file is a useful tool in preventing con artists from assuming the identities of deceased Americans.

The problem is that each year the names and other personal information of 14,000 living Americans are mistakenly entered in the file. Since the SSA declines to issue warnings, the first inkling many Americans have of the release of their private information is when they become victims of identity theft. ...

Forty-six states make disclosure of confidentiality breaches mandatory for state and local agencies. The White House Office of Management and Budget has urged a federal policy of public admission and individual notification. Clearly, Congress should make that policy mandatory, too.